From e300e13e9fda0e4aaf67675d7578fa0505036c6e Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Tue, 3 Nov 2015 16:49:38 +0800 Subject: [PATCH 1/7] =?UTF-8?q?=E5=9C=A8=E4=B8=8D=E6=94=AF=E6=8C=81libpome?= =?UTF-8?q?lo2=E7=9A=84=E8=AE=BE=E5=A4=87=E4=B8=AD(=E5=A6=82windows=20phon?= =?UTF-8?q?e)=E4=BD=BF=E7=94=A8=20DH=20+=20RC4=20=E7=AE=97=E6=B3=95?= =?UTF-8?q?=E6=8F=90=E4=BE=9B=E9=80=9A=E4=BF=A1=E5=8A=A0=E5=AF=86=E5=8A=9F?= =?UTF-8?q?=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common/service/sessionService.js | 11 +++++++++++ lib/components/connector.js | 6 ++++++ lib/connectors/commands/handshake.js | 21 +++++++++++++++++++++ lib/connectors/common/handler.js | 7 +++++++ 4 files changed, 45 insertions(+) diff --git a/lib/common/service/sessionService.js b/lib/common/service/sessionService.js index d21acf7b1..7c45034f6 100644 --- a/lib/common/service/sessionService.js +++ b/lib/common/service/sessionService.js @@ -1,4 +1,5 @@ var EventEmitter = require('events').EventEmitter; +var crypto = require('crypto') var util = require('util'); var logger = require('pomelo-logger').getLogger('pomelo', __filename); var utils = require('../../util/utils'); @@ -514,6 +515,10 @@ Session.prototype.get = function(key) { * @param {Object} msg final message sent to client */ Session.prototype.send = function(msg) { + if(!!this.__socket__.__serverSecret){ + var cipher = crypto.createCipher('rc4', this.__socket__.__serverSecret); + msg = cipher.update(msg); + } this.__socket__.send(msg); }; @@ -523,6 +528,12 @@ Session.prototype.send = function(msg) { * @param {Array} msgs list of message */ Session.prototype.sendBatch = function(msgs) { + for(var i = 0; i < msgs.length; i ++){ + var msg = msgs[i]; + var cipher = crypto.createCipher('rc4', this.__socket__.__serverSecret); + msg = cipher.update(msg); + msgs[i] = msg; + } this.__socket__.sendBatch(msgs); }; diff --git a/lib/components/connector.js b/lib/components/connector.js index f2906f54b..9872269b5 100644 --- a/lib/components/connector.js +++ b/lib/components/connector.js @@ -1,3 +1,4 @@ +var crypto = require('crypto') var logger = require('pomelo-logger').getLogger('pomelo', __filename); var taskManager = require('../common/manager/taskManager'); var pomelo = require('../pomelo'); @@ -23,6 +24,7 @@ var Component = function(app, opts) { this.encode = opts.encode; this.decode = opts.decode; this.useCrypto = opts.useCrypto; + this.useCrypto2 = opts.useCrypto2; this.blacklistFun = opts.blacklistFun; this.keys = {}; this.blacklist = []; @@ -216,6 +218,10 @@ var bindEvents = function(self, socket) { // new message socket.on('message', function(msg) { + if(self.useCrypto2){ + var decipher = crypto.createDecipher('rc4', socket.__serverSecret); + msg.body = decipher.update(msg.body); + } var dmsg = msg; if(self.decode) { dmsg = self.decode.call(self, msg, session); diff --git a/lib/connectors/commands/handshake.js b/lib/connectors/commands/handshake.js index 63b0b6088..46d36a637 100644 --- a/lib/connectors/commands/handshake.js +++ b/lib/connectors/commands/handshake.js @@ -1,5 +1,6 @@ var pomelo = require('../../pomelo'); var Package = require('pomelo-protocol').Package; +var crypto = require('crypto') var CODE_OK = 200; var CODE_USE_ERROR = 500; @@ -27,6 +28,7 @@ var Command = function(opts) { this.useDict = opts.useDict; this.useProtobuf = opts.useProtobuf; this.useCrypto = opts.useCrypto; + this.useCrypto2 = opts.useCrypto2; }; module.exports = Command; @@ -85,6 +87,25 @@ Command.prototype.handle = function(socket, msg) { pomelo.app.components.__connector__.setPubKey(socket.id, msg.sys.rsa); } + if(this.useCrypto2){ + if(!msg.sys.clientKey || 'string' !== typeof msg.sys.clientKey || msg.sys.clientKey.trim().length === 0){ + return processError(socket, CODE_USE_ERROR); + } + var clientKey = msg.sys.clientKey; + var challenge = crypto.randomBytes(8).toString('base64'); + var serverDiff = crypto.getDiffieHellman('modp5'); + serverDiff.generateKeys(); + var serverKey = serverDiff.getPublicKey('base64'); + var serverSecret = serverDiff.computeSecret(clientKey, 'base64', 'base64'); + opts.crypto2 = true; + opts.serverKey = serverKey; + opts.challenge = challenge; + socket.__serverSecret = serverSecret; + var cipher = crypto.createCipher('rc4', serverSecret); + var rc4 = cipher.update(challenge, 'utf8', 'base64'); + rc4 += cipher.final('base64'); + socket.__challenge = rc4; + } if(typeof this.userHandshake === 'function') { this.userHandshake(msg, function(err, resp) { if(err) { diff --git a/lib/connectors/common/handler.js b/lib/connectors/common/handler.js index e29aa9de0..6b9fcde79 100644 --- a/lib/connectors/common/handler.js +++ b/lib/connectors/common/handler.js @@ -25,6 +25,13 @@ var handleHandshakeAck = function(socket, pkg) { return; } socket.state = ST_WORKING; + if(socket.__serverSecret){ + var body = JSON.parse(protocol.strdecode(pkg.body)); + if(!body || body.challenge !== socket.__challenge){ + return socket.emit('error', new Error('challenge failed')) + } + delete socket.__challenge; + } socket.emit('heartbeat'); }; From caf2700880a908f37cf598ce057349443a34eb1a Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Tue, 3 Nov 2015 16:53:57 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E5=9C=A8=E4=B8=8D=E6=94=AF=E6=8C=81libpome?= =?UTF-8?q?lo2=E7=9A=84=E8=AE=BE=E5=A4=87=E4=B8=AD(=E5=A6=82windows=20phon?= =?UTF-8?q?e)=E4=BD=BF=E7=94=A8=20DH=20+=20RC4=20=E7=AE=97=E6=B3=95?= =?UTF-8?q?=E6=8F=90=E4=BE=9B=E9=80=9A=E4=BF=A1=E5=8A=A0=E5=AF=86=E5=8A=9F?= =?UTF-8?q?=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/components/connector.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/components/connector.js b/lib/components/connector.js index 9872269b5..3bf694511 100644 --- a/lib/components/connector.js +++ b/lib/components/connector.js @@ -24,7 +24,6 @@ var Component = function(app, opts) { this.encode = opts.encode; this.decode = opts.decode; this.useCrypto = opts.useCrypto; - this.useCrypto2 = opts.useCrypto2; this.blacklistFun = opts.blacklistFun; this.keys = {}; this.blacklist = []; @@ -218,7 +217,7 @@ var bindEvents = function(self, socket) { // new message socket.on('message', function(msg) { - if(self.useCrypto2){ + if(!!socket.__serverSecret){ var decipher = crypto.createDecipher('rc4', socket.__serverSecret); msg.body = decipher.update(msg.body); } From 7700cbd13472cadaeacd7f0ae1c8a27a69a9c39c Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Tue, 3 Nov 2015 16:57:05 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E5=9C=A8=E4=B8=8D=E6=94=AF=E6=8C=81libpome?= =?UTF-8?q?lo2=E7=9A=84=E8=AE=BE=E5=A4=87=E4=B8=AD(=E5=A6=82windows=20phon?= =?UTF-8?q?e)=E4=BD=BF=E7=94=A8=20DH=20+=20RC4=20=E7=AE=97=E6=B3=95?= =?UTF-8?q?=E6=8F=90=E4=BE=9B=E9=80=9A=E4=BF=A1=E5=8A=A0=E5=AF=86=E5=8A=9F?= =?UTF-8?q?=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common/service/sessionService.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/common/service/sessionService.js b/lib/common/service/sessionService.js index 7c45034f6..0b54e1539 100644 --- a/lib/common/service/sessionService.js +++ b/lib/common/service/sessionService.js @@ -528,11 +528,13 @@ Session.prototype.send = function(msg) { * @param {Array} msgs list of message */ Session.prototype.sendBatch = function(msgs) { - for(var i = 0; i < msgs.length; i ++){ - var msg = msgs[i]; - var cipher = crypto.createCipher('rc4', this.__socket__.__serverSecret); - msg = cipher.update(msg); - msgs[i] = msg; + if(!!this.__socket__.__serverSecret){ + for(var i = 0; i < msgs.length; i ++){ + var msg = msgs[i]; + var cipher = crypto.createCipher('rc4', this.__socket__.__serverSecret); + msg = cipher.update(msg); + msgs[i] = msg; + } } this.__socket__.sendBatch(msgs); }; From 939f855f06367f5f59698cc89df28d16ec79cc51 Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Wed, 18 Nov 2015 21:08:27 +0800 Subject: [PATCH 4/7] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=AA=8C=E8=AF=81challen?= =?UTF-8?q?ge=E6=97=B6,=E5=8F=AF=E8=83=BD=E5=87=BA=E9=94=99=E7=9A=84Bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/connectors/common/handler.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/connectors/common/handler.js b/lib/connectors/common/handler.js index 6b9fcde79..cb760c3ee 100644 --- a/lib/connectors/common/handler.js +++ b/lib/connectors/common/handler.js @@ -26,8 +26,12 @@ var handleHandshakeAck = function(socket, pkg) { } socket.state = ST_WORKING; if(socket.__serverSecret){ - var body = JSON.parse(protocol.strdecode(pkg.body)); - if(!body || body.challenge !== socket.__challenge){ + try{ + var body = JSON.parse(protocol.strdecode(pkg.body)); + if(!body || body.challenge !== socket.__challenge){ + return socket.emit('error', new Error('challenge failed')) + } + }catch(e){ return socket.emit('error', new Error('challenge failed')) } delete socket.__challenge; From 0175ce0ba3ec7ab39aca91ea5e48888bb6f2889a Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Mon, 23 Nov 2015 14:13:50 +0800 Subject: [PATCH 5/7] change modp5 to modp1 --- lib/connectors/commands/handshake.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/connectors/commands/handshake.js b/lib/connectors/commands/handshake.js index 46d36a637..a8a95c8ed 100644 --- a/lib/connectors/commands/handshake.js +++ b/lib/connectors/commands/handshake.js @@ -93,7 +93,7 @@ Command.prototype.handle = function(socket, msg) { } var clientKey = msg.sys.clientKey; var challenge = crypto.randomBytes(8).toString('base64'); - var serverDiff = crypto.getDiffieHellman('modp5'); + var serverDiff = crypto.getDiffieHellman('modp1'); serverDiff.generateKeys(); var serverKey = serverDiff.getPublicKey('base64'); var serverSecret = serverDiff.computeSecret(clientKey, 'base64', 'base64'); From a8c4857f857b72f2904ff1446ee6aaf12b9ace3b Mon Sep 17 00:00:00 2001 From: Modun Zhang Date: Tue, 3 May 2016 17:42:53 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=8E=A8=E9=80=81?= =?UTF-8?q?=E8=AE=A1=E6=95=B0=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common/remote/frontend/channelRemote.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/common/remote/frontend/channelRemote.js b/lib/common/remote/frontend/channelRemote.js index 333475fa4..f1983933d 100644 --- a/lib/common/remote/frontend/channelRemote.js +++ b/lib/common/remote/frontend/channelRemote.js @@ -41,6 +41,9 @@ Remote.prototype.pushMessage = function(route, msg, uids, opts, cb) { } else { for(j=0, k=sessions.length; j Date: Thu, 5 May 2016 20:45:40 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E5=8F=96=E6=B6=88=E6=8E=A8=E9=80=81?= =?UTF-8?q?=E8=AE=A1=E6=95=B0=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- lib/common/remote/frontend/channelRemote.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/common/remote/frontend/channelRemote.js b/lib/common/remote/frontend/channelRemote.js index f1983933d..333475fa4 100644 --- a/lib/common/remote/frontend/channelRemote.js +++ b/lib/common/remote/frontend/channelRemote.js @@ -41,9 +41,6 @@ Remote.prototype.pushMessage = function(route, msg, uids, opts, cb) { } else { for(j=0, k=sessions.length; j